This Subscription Agreement (this “Agreement”) contains terms and conditions that govern your purchase of subscriptions to, and use of, the Services (as defined below), and is a contract between Vulners, Inc., a Delaware corporation (“Vulners”), and you or the entity or organization that you represent.
If you are an individual using the Services for your own purposes: (1) all references to “Customer” are to you and (2) you represent and warrant that you are at least 18 years of age, or have otherwise reached the age of “majority” where you reside, and that you have the right, power and authority to enter into this Agreement.
If you are using the Services on behalf of an entity or organization that you represent: (1) all references to “Customer” are to that entity or organization and (2) you represent and warrant that you are at least 18 years of age, or have otherwise reached the age of “majority” where you reside, and that you have the right, power and authority to enter into this Agreement on behalf of Customer.
This Agreement becomes binding and effective on Customer upon the earliest of: (1) when you access or use the Services, or (2) when you click an “I Accept” “Sign up” or similar button or check box referencing this Agreement with Vulners.
This Agreement sets forth the terms pursuant to which Customer may access and use Vulners’s hosted Services in connection with its Subscription to the Services. The Services will support Customer’s search, analysis and assessment of the security vulnerabilities of the systems, platforms, services, software, devices, sites and/or networks that Customer uses in its own internal business operations (collectively, but exclusive of the subscribed Services, “Customer’s Environment”).
Subject to the applicable Subscription and this Agreement, Vulners hereby grants to Customer the right to access and use the Services in accordance with the Documentation during the Subscription Term for Customer’s Environment.
As between the Parties, Customer controls Customer’s Environment and its individual components (each, a “Customer Component”), whether owned, leased or licensed by Customer, located on Customer’s premises or cloud-based, used by Customer on a software-as-a-service basis or otherwise. Customer will be able to use the Services by establishing integrations or other connections to one or more Customer Components (each, a “Connection”). By implementing a Connection to a Customer Component, Customer hereby grants to Vulners the right, and is expressly instructing Vulners, to access and interoperate with that Customer Component during the Subscription Term in order to provide and support the Services. Customer is responsible for complying with all applicable third-party terms, policies and licenses governing its access and use of Customer Components and associated data (collectively, “Third-Party Terms”).
All rights granted by each Party to the other under this Section 2 are limited, nonexclusive and, except as otherwise provided in this Agreement, non-transferable.
Vulners commits to make the Services Available at least 99.8% of the time, exclusive of any time the Services are not Available as a result of one or more Exceptions (the “Availability Standard”). If the actual Availability of the Services is less than the Availability Standard in any two consecutive months, Customer may terminate the applicable Subscription in the calendar month following such two-month period upon written notice to Vulners. In the event of such termination, Vulners will issue Customer a Pro-Rated Refund (as defined in Section 15.4).
Subject to this Agreement, Vulners will provide Support to Authorized Users by email. Although resolution times are not guaranteed, Vulners commits to respond to each request for Support from an Authorized User (each, a “Support Request”) within 48 hours. Customer’s sole and exclusive remedy for any alleged failure by Vulners to provide Support with reasonable skill, care and diligence following a Support Request shall be re-performance of the applicable Support.
One or more APIs will be available to Customer to assist with Customer’s implementation of Connections, and Vulners makes client libraries available to facilitate Customer’s coding against the API(s). In addition, Authorized Users may install a Vulners-produced software agent on certain Customer Components to support Customer’s collection of Customer Data. The code for these libraries and agents (collectively, “Ancillary Tools”) are available in public repositories at https://github.com/vulnersCom and are subject to the applicable open source licenses referenced in those repositories. Customer determines and controls what APIs and Ancillary Tools (if any) to use in connection with the Services. By using an API or Ancillary Tool in connection with the Services, Customer hereby agrees to do so in accordance with the Documentation and, in the case of the Ancillary Tool, with the applicable open source licenses (provided that if an applicable open source license for an Ancillary Tool contradicts rights or restrictions in the Documentation, the license will take precedence). The Ancillary Tools are not “Services” or “Support” for purposes of this Agreement.
Vulners uses third-party hosting providers, other service providers and Vulners Affiliates to support the provision of the Services and Support in the ordinary course of its business, i.e., not specifically for Customer (collectively, “Ordinary Course Providers”). Vulners reserves the right to engage and substitute Ordinary Course Providers as it deems appropriate, but shall: (a) remain responsible to Customer for the provision of the Services and Support and (b) be liable for the actions and omissions of its Ordinary Course Providers undertaken in connection with Vulners’s performance of this Agreement to the same extent Vulners would be liable if performing the Services or Support directly. In no event shall providers of Customer Components be deemed Ordinary Course Providers for any purpose under this Agreement.
Each Party agrees to comply with all Applicable Laws with respect to its performance of its obligations and exercise of its rights under this Agreement. Without limiting the foregoing:
All Fees are exclusive of taxes, levies, duties or charges imposed by government authorities (collectively, “Taxes”). Customer shall be solely responsible for all sales, service, value-added, use, excise, consumption and any other Taxes on amounts payable by Customer under the Subscription and this Agreement (other than any Taxes on Vulners’s income, revenues, gross receipts, personnel or assets). Without limiting the foregoing, if Customer is required to deduct or withhold any Taxes under Applicable Laws outside the United States, Customer shall remit such Taxes in accordance with those Applicable Laws and all Fees payable shall be increased so that Vulners receives an amount equal to the sum it would have received had no withholding or deduction been made.
As between the Parties: (a) Customer owns all right, title and interest in and to Customer’s Environment, including in each case all associated Intellectual Property Rights, and (b) Vulners owns all right, title and interest in and to the Services, Documentation and Feedback, including in each case all associated Intellectual Property Rights. Except for the rights expressly granted by one Party to the other in this Agreement, all rights are reserved by the granting Party.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS OTHERWISE PROVIDED IN THIS SECTION 17: (a) IN NO EVENT SHALL EITHER PARTY, ITS AFFILIATES OR THEIR EMPLOYEES, AGENTS, CONTRACTORS, OFFICERS OR DIRECTORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR BUSINESS INTERRUPTION, LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES ARISING OUT OF OR RELATING TO THIS AGREEMENT; AND (b) IN NO EVENT SHALL EITHER PARTY’S CUMULATIVE AND AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE FEES PAID TO VULNERS BY CUSTOMER UNDER THE APPLICABLE SUBSCRIPTION IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. THE EXCLUSIONS AND LIMITATIONS IN THIS SECTION (COLLECTIVELY, THE “EXCLUSIONS”) APPLY WHETHER THE ALLEGED LIABILITY IS BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR ANY OTHER BASIS, EVEN IF THE NON-BREACHING PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THE EXCLUSIONS SHALL NOT APPLY TO A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 16, CUSTOMER’S BREACH OF SECTION 8.2, OR CUSTOMER’S PAYMENT OBLIGATIONS TO VULNERS UNDER THIS AGREEMENT. THE PROVISIONS OF THIS SECTION 17 ALLOCATE THE RISKS UNDER THIS AGREEMENT BETWEEN THE PARTIES, AND THE PARTIES HAVE RELIED ON THE EXCLUSIONS IN DETERMINING TO ENTER INTO THIS AGREEMENT AND THE PRICING FOR THE SERVICES.
Neither Party shall, except as otherwise required by Applicable Law or stock exchange requirements, issue or release any announcement, statement, press release or other publicity or marketing materials relating to this Agreement or otherwise use the other Party’s marks or logos without the prior written consent of the other Party; provided, however, that Vulners may (subject its obligations of non-attribution under Section 7.4) include Customer’s name and logo in its lists of Vulners customers, its public website and other promotional material. Vulners agrees to promptly cease such uses of Customer’s name and logo following Customer’s request sent to [email protected].
Subject to change pursuant to this Section: (a) Vulners’s physical address for notices is at Delaware, Wilmington 19801, 1000 N West Street, Suite 1200 and its email address for notices is [email protected] and (b) Customer’s physical and email addresses for notices are those associated with its Subscription. Notices required or permitted to be given under this Agreement shall be in writing and shall be deemed to be sufficiently given: (i) one business day after being sent by overnight courier to the Party’s physical address; (ii) three business days after being sent by registered mail, return receipt requested, to the Party’s physical address; or (iii) one business day after being sent by email to the Party’s email address (provided that (1) the sender does not receive a response that the message could not be delivered or an out-of-office reply and (2) any notice for an indemnifiable Action must be sent by courier or mail pursuant to clause (i) or (ii)). Either Party may change its address(es) for notice by providing notice to the other in accordance with this Section.
Where an Affiliate of Customer has not entered into a Subscription or other separate agreement directly with Vulners, Customer may authorize that Affiliate (each, a “Participating Affiliate”) to access and use the Services under an existing Subscription between Vulners and Customer. In such cases, references to “Customer” in the applicable Subscription and this Agreement will be deemed references to both Customer and the Participating Affiliate. Customer and its Participating Affiliates will be jointly and severally liable for compliance with this Agreement and the Subscription hereunder. As between Vulners and Customer, Customer accepts full liability for the acts and omissions of its Participating Affiliates.
So long as Customer remains current in the payment of all amounts when due, Customer may assign this Agreement in connection with any merger, consolidation or reorganization involving Customer (regardless of whether Customer is a surviving or disappearing entity), or a sale of all or substantially all of Customer’s business or assets relating to this Agreement to an unaffiliated third party. Subject to the foregoing, Customer may not assign any of its rights or obligation under this Agreement, whether by operation of law or otherwise, without Vulners’s prior written consent, and any purported assignment in violation of this Section is void. This Agreement is binding upon and inures to the benefit of the Parties hereto and their respective permitted successors and assigns.
The Services and Documentation are provided to the U.S. Government as “commercial items,” “commercial computer software,” “commercial computer software documentation,” and “technical data” with the same rights and restrictions generally applicable to the Services and Documentation. If Customer or any Authorized User is using Services and Documentation on behalf of the U.S. Government and these terms fail to meet the U.S. Government’s needs or are inconsistent in any respect with federal law, Customer and Customer’s Authorized Users must immediately discontinue use of the Services and Documentation. The terms listed above are defined in the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement.
The Parties expressly understand and agree that their relationship is that of independent contractors. Nothing in this Agreement shall constitute one Party as an employee, agent, joint venture partner or servant of another. This Agreement is for the sole benefit of the Parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or shall confer on any other person any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.
Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments), when and to the extent such failure or delay is caused by acts of God; flood, fire or explosion; war, terrorism, invasion, riot or other civil unrest; embargoes or blockades in effect on or after the date of this Agreement; or national or regional emergency (each of the foregoing, a “Force Majeure Event”), in each case, provided the event is outside the reasonable control of the affected Party, the affected Party provides prompt notice to the other Party, stating the period of time the occurrence is expected to continue, and the affected Party uses diligent efforts to end the failure or delay and minimize the effects of such Force Majeure Event.
Except to the extent the issue arising under this Agreement is governed by United States federal law, this Agreement shall be governed by and construed and enforced in accordance with the laws of the State of Delaware without giving effect to the choice of law rules of that State. Any legal action or proceeding arising under or relating to this Agreement shall be brought exclusively in the state or federal courts located in New Castle County, State of Delaware, USA, and the Parties expressly consent to personal jurisdiction and venue in those courts. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods are specifically excluded from application to this Agreement.
This Agreement, together with the AUP, is the complete and exclusive statement of the agreement between the Parties and supersedes all proposals, questionnaires and other communications and agreements between the Parties (oral or written) relating to the subject matter of this Agreement. Any terms and conditions of any other instrument issued by Customer in connection with this Agreement which are in addition to, inconsistent with or different from the terms and conditions of this Agreement shall be of no force or effect. Additionally, this Agreement supersedes any confidentiality, non-disclosure, evaluation or trial agreement previously entered into by the Parties with respect Customer’s or an Affiliate’s evaluation of the Services or otherwise with respect to the Services. Except as otherwise provided in Section 28, this Agreement may be modified only by a written instrument duly executed by authorized representatives of the Parties. The failure of a Party to exercise or enforce any condition, term or provision of this Agreement will not operate as a waiver of such condition, term or provision. Any waiver by either Party of any condition, term or provision of this Agreement shall not be construed as a waiver of any other condition, term or provision. If any provision of this Agreement is held invalid or unenforceable, the remainder of the Agreement shall continue in full force and effect. The headings in this Agreement are for reference only and shall not affect the interpretation of this Agreement. For purposes of this Agreement, the words “include,” “includes” and “including” are deemed to be followed by the words “without limitation”; the word “or” is not exclusive; and the words “herein,” “hereof,” “hereby,” “hereto” and “hereunder” refer to this Agreement as a whole.
Capitalized terms not otherwise defined in this Agreement shall have the respective meanings assigned to them in this Section 27.
“Account Data” means information about Customer that Customer provides to Vulners in connection with the creation or administration of its Vulners account, such as first and last name, user name and email address of an Authorized User or Customer’s billing contact. Customer shall ensure that all Account Data is current and accurate at all times during the applicable Subscription Term, and shall in no event include Sensitive Information in Account Data.
“Affiliate” means, with respect to a Party, a business entity that directly or indirectly controls, is controlled by or is under common control with, such Party, where “control” means the direct or indirect ownership of more than 50% of the voting securities of a business entity.
“API” means an application programming interface referenced in the Documentation that Vulners maintains and makes available to Customer in connection with the Services.
“Applicable Laws” means any and all governmental laws, rules, directives, regulations or orders that are applicable to a particular Party’s performance under this Agreement.
“AUP” means Vulners’s standard Acceptable Use Policy, currently available at https://vulners.com/static/docs/acceptable_use_policy.html.
“Authorized User” means an individual employee, agent or contractor of Customer or a Participating Affiliate for whom subscriptions to Services have been purchased pursuant to the terms of the applicable Subscription and this Agreement, and who has been supplied user credentials for the Services by Customer or the Participating Affiliate (or by Vulners at Customer’s or a Participating Affiliate’s request).
“Available” means the Services are available for access and use by end users over the internet; “Availability” has a correlative meaning. Availability is assessed from the point where the Services are made available from Vulners’s hosting provider and measured in minutes over the course of each calendar month during the Subscription Term. Customer may request Availability information by submitting a Support Request.
“Documentation” means Vulners’s standard user documentation for the Services, currently available at https://vulners.com/docs/.
“Exceptions” means any of: (a) Customer’s breach of this Agreement, a Subscription or the AUP; (b) Customer’s failure to configure and use the Services in accordance with the Documentation; (c) failures of, or issues with, Customer’s Environment; (d) Force Majeure Events; (e) Vulners’s suspension of Authorized Users’ access to the Services pursuant to Section 8.3 or 15.2; or (f) maintenance during a window for which Vulners provides notice by email or through the Services in advance.
“Feedback” means bug reports, suggestions or other feedback with respect to the Services or Documentation provided by Customer to Vulners, exclusive of any Customer Confidential Information therein.
“GDPR” means the General Data Protection Regulation 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing of Directive 95/46/EC.
“Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
“Malicious Code” means viruses, worms, time bombs, Trojan horses and other harmful or malicious code, files, scripts, agents or programs.
“Party” means each of Vulners and Customer.
“Personal Information” means information relating to an identified or identifiable natural person that is protected by Applicable Laws with respect to privacy where the individual resides.
“Pricing Page” means the publicly available web page(s) where Vulners publishes its list prices for Services, currently available at https://vulners.com/pricing.
“Privacy Policy” means Vulners’s standard Privacy Policy, currently available at https://vulners.com/static/docs/privacy_policy.html.
“Process” means to perform an operation or set of operations on data, content or information, including to submit, transmit, post, transfer, disclose, collect, record, organize, structure, store, adapt or alter; “Processing” has a correlative meaning.
“Sensitive Information” means the following categories of Personal Information: (a) government-issued identification numbers, including Social Security numbers; (b) financial account data; (c) biometric, genetic, health or insurance data; (d) financial information; (e) data revealing race, ethnicity, political opinions, religion, philosophical beliefs or trade union membership; (f) data concerning sex life or sexual orientation; and (g) data relating criminal convictions and offenses. Without limiting the foregoing, the term “Sensitive Information” includes Personal Information that is subject to specific or heightened requirements under Applicable Law or industry standards, such as Social Security numbers in the United States, protected health information under the U.S. Health Insurance Portability and Accountability Act, nonpublic personal information under the U.S. Gramm-Leach-Bliley Act, cardholder data under the PCI Data Security Standard, and special categories of personal data under the GDPR.
“Services” means the security vulnerabilities search engine and assessment platform to which Customer subscribes through, or otherwise uses following, a Subscription that is made available by Vulners online via the applicable login page and other web pages designated by Vulners. Vulners may make such changes to the Services as Vulners deems appropriate from time to time, provided such changes do not materially decrease the features or functionality of the Services as they existed at the effective date of this Agreement.
“Subscription” means the packaged plan and associated features, as detailed at the Pricing Page, for the Services to which Customer subscribes.
“Subscription Term” means, with respect to each Subscription, the subscription term for the Services specified in the applicable Subscription and all Renewal Subscription Terms, if any. In the event a Subscription does not specify a fixed term, then the Subscription Term will run from the Subscription’s effective date until the end of the calendar month in which either Party gives notice of termination in accordance with Section 19, unless the Subscription is otherwise terminated earlier in accordance with this Agreement or the Subscription.
“Support” means Vulners’s standard customer technical support for the Services, currently provided exclusively via email.
Vulners may modify this Agreement at any time by posting a revised version at https://vulners.com/static/docs/subscription_agreement.html, which modifications will become effective as of the first day of the calendar month following the month in which they were first posted. If Customer objects to the updated Agreement, as its sole and exclusive remedy, Customer may choose not to renew the Subscription. For the avoidance of doubt, any Subscription is subject to the version of the Agreement in effect at the time of the.